Posts by Category
Malware Analysis
Escape From Evasion: Dominating Windows Functions with Detour
The security landscape is constantly evolving, and malware authors are always finding new ways to evade detection and...
Malware Development - DLL Sideloading
DLL sideloading is a method that allows an application to load a dynamic link library (DLL) from ...
Importance of Automated Malware Analysis
Automated malware analysis is a critical component of modern cyber security efforts. Malware, or malicious software, ...
Malware Development - DLL Injection
Recently I have been researching malware evasion techniques in depth, such as DLL injection and process hollowing, and I decided ...
Why Attackers Particularly Use DLLs?
Many threat actors distribute DLL droppers instead of malicious executables directly these days. They implement their ...
What is DLL Injection?
DLL injection is a technique for hiding malicious activity inside another legitimate Windows process, which can be consid...
Bumblebee Malware Analysis - Part 1 - Bumblebee Dropper
We start with the basic details before digging further: we check DIE (Detect It Easy) and see that this executable is a DLL and ...
About Command and Control Server (C2)
Command and control servers are the primary tools cyber threat actors have in their arsenal to launch and control cyb...
Binary Exploitation
PT_LOAD Injection with Python
PT_LOAD injection is a technique for injecting code into an ELF binary by adding or extending a loadable (PT_LOAD) segment. This is done by storing the co...
Pwn101 - TryHackMe CTF Write-up
This medium-level CTF covers buffer overflow, Return to Win, integer overflow, GOT overwrite, bypassing mitigations...
Dear QA - TryHackMe CTF Write-up
We try a buffer overflow directly, because why not? After running checksec we can decide our attack vector....
Buffer Overflow Protection - Stack Canary
Stack canaries, or security cookies, are random tell-tale values placed on the stack between a function's local buffers and its saved return address. They aim to protect from ...
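The mechanism behind the teaser above, as an added example in plain C that is not code from the post: a hand-rolled canary planted above a fixed-size buffer, an unchecked copy into that buffer, and the epilogue comparison that catches the overwrite. The names `make_canary`, `copy_and_check` and `overflow_demo` are hypothetical, and a constant stands in for the random source a real implementation would use.

```c
/* Added example (not from the original post): a hand-rolled stack canary
 * in plain C, to show the mechanism a compiler's -fstack-protector implements.
 * make_canary, copy_and_check and overflow_demo are hypothetical names
 * chosen for this illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   16                           /* the local buffer being protected   */
#define FRAME_LEN (BUF_LEN + sizeof(uint64_t)) /* buffer followed by the canary slot */

/* Derive a canary from a random value. The lowest byte is forced to zero,
 * as glibc does on x86-64: on a little-endian machine that byte is the first
 * one in memory, so string functions (strcpy, strlen) stop there and cannot
 * copy the canary out, or past it, as part of a string. */
uint64_t make_canary(uint64_t random_value) {
    return random_value & ~(uint64_t)0xff;
}

/* "Prologue": plant the canary just above a BUF_LEN-byte buffer, then perform
 * an unchecked copy into that buffer (the vulnerable operation).
 * "Epilogue": re-read the slot and report whether the canary survived.
 * Returns 1 if intact, 0 if the copy smashed it.
 * The frame is one byte array so the overflow into the canary slot stays
 * defined behaviour; len is clamped to the frame so the demo never writes
 * outside it (a real overflow would also clobber what lies beyond). */
int copy_and_check(const char *src, size_t len, uint64_t canary) {
    uint8_t frame[FRAME_LEN];
    uint64_t seen;

    memcpy(frame + BUF_LEN, &canary, sizeof canary);   /* prologue: store canary   */

    if (len > FRAME_LEN)
        len = FRAME_LEN;
    memcpy(frame, src, len);                           /* no check against BUF_LEN */

    memcpy(&seen, frame + BUF_LEN, sizeof seen);       /* epilogue: reload and cmp */
    return seen == canary;
}

/* A constructed 24-byte payload: 16 bytes fill the buffer, the next 8
 * overwrite the canary slot. Returns the check result (0 = smashed). */
int overflow_demo(void) {
    char payload[FRAME_LEN];
    memset(payload, 'A', sizeof payload);
    return copy_and_check(payload, sizeof payload, make_canary(0x1122334455667788ULL));
}

int main(void) {
    /* constant stands in for a random source such as the AT_RANDOM bytes glibc uses */
    uint64_t canary = make_canary(0x1122334455667788ULL);
    printf("6-byte input : canary %s\n", copy_and_check("short", 6, canary) ? "intact" : "SMASHED");
    printf("24-byte input: canary %s\n", overflow_demo() ? "intact" : "SMASHED");
    return 0;
}
```

The zero low byte is what makes a leak of the canary via an unterminated string harder; it is also why an exploit that overwrites the canary must reproduce all eight bytes, including that zero, to get past the epilogue check.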
CTF Writeups
Pickle Rick - TryHackMe CTF Writeup
Check ports with nmap. We found HTTP and SSH ports open on the target server; since HTTP is open there should be a website...
Moneybox CTF Write-up
We launch the target machine and our Kali box and open a terminal as root. Check ifconfig, grab your IP address, and start ...
Deathnote CTF Write-up
We launch the target machine and our Kali box and open a terminal as root. Check ifconfig, grab your IP address, and start ...
Reverse Engineering
Rangoon CTF Write-up (Reverse Engineering)
cmp compares edi with 1 and sets ZF (the zero flag) when they are equal. We know that argc (the argument count) is stored in edi...
Ramada CTF Write-up (Reverse Engineering)
The program checks the argc value and jumps to another branch. If argc equals 1, the program prints the usage instructions; if ...